AvastVirusinfo
AvastVirusinfo is a ransomware that runs on Microsoft Windows. It is aimed at Russian-speaking users, but the note also contains text in English. Payload Transmission AvastVirusinfo is distributed through email spam and malicious attachments, exploits, fake updates, repackaged and infected installers. Infection AvastVirusinfo encrypts (in fact, spoils) the user data using the logical operation OR bytes from file 1. It is not possible to recover files after this. The name is given by the ransomware mail login. It encrypts the following extensions: .000, .002, .003, .004, .005, .006, .007, .008, .009, .010, .1cd, .1st, .264, .2bp, .3d, .3D, .3d4 .3df8, .3dm, .3dr, .3ds, .3fr, .3g2, .3ga, .3gp, .3gp2, .3mm, .3pr, .4db, .4dl, .4mp, .73i, .7z,. 7z001, .7z002, .7zip, .8xi, .9png, .a00, .a01, .a02, .a03, .a04, .a05, .a3d, .aa, .aac, .ab4, .abk, .abm, .abr, .abs, .abw, .ac3, .accdb, .accdc, .accde, .accdr, .accdt, .accdw, .accft, .ace, .ach, .acr, .act, .adadownload, .adb , .ade, .adi, .adn, .adp, .adpb, .adr, .ads, .adt, .af2, .af3, .aft, .afx, .agdl, .agg, .agif, .agp,. ahd, .ai, .aic, .aiff, .aim, .ain, .aip, .air, .ais, .ait, .al, .albm, .alf, .als, .alx, .alz, .amf, .amr, .amu, .amx, .amxx, .ani, .ans, .aoi, .ap, .apd, .ape, .api, .apj, .apk, .apm, .apng, .app, .application .appx, .appxbundle, .aps, .apt, .apx, .apz, .ar, .arc, .arh, .ari, .arj, .ark, .aro, .arr, .art, .artwork,. arw, .asa,.asc, .ascii, .ascx, .ase, .asec, .asf, .ashx, .ask, .asm, .asmx, .asp, .aspx, .asr, .asw, .asx, .asy, .atom, .aty, .aup, .avatar, .avi, .avs, .awdb, .awg, .awp, .aws, .awt, .aww, .axx, .azw, .azw3, .azz, .b1, .b64 .ba .back, .backup, .backupdb, .bad, .bak, .bank, .bar, .bas, .bat, .bay, .bbb, .bbc, .bbs, .bc, .bck, .bdb .bdp, .bdr, .bean, .bgt, .bh, .bhx, .bib, .bic, .big, .bik, .bin, .bkf, .bkp, .blend, .blf, .blkrt,. blp, .bm2, .bmc, .bmf, .bml, .bmp, .bmx, .bmz, .bna, .bnd, .bndl, .boc, .bok, .boo, .bp2, .bp3, .bpl, .bpw, .brk, .brn, .brt, .bsp, .bss, .btd, .bti, .btm, .btr, .bz, .bz2, .bza, .bzabw, .bzip, .bzip2, .c .c00, .c01, .c02, .c03, .c10, .c4, .c4d, .cab, .cache, .cad, .cag, .cal, .cals, .cam, .can, .cap, car, .cb7, .cba, .cbr, .cbz, .cc, .ccd, .cch, .cd, .cd5, .cda, .cdb, .cdc, .cdf, .cdg, .cdmm, .cdmt, .cdmtz, .cdmz, .cdr, .cdr3, .cdr4, .cdr5, .cdr6, .cdrw, .cdt, .cdx, .cdz, .ce1, .ce2, .cer, .cf, .cfg, .cfm, .cfp, .cfu, .cgf, .cgi, .cgm, .chart, .chk, .chm, .chord, .cib, .cimg, .cin, .cit, .ckp, .class, .clear, .clf, .clkw, .clr, .cls, .cma .cmd, .cms, .cmt, .cmx, .cnf, .cnm, .cnt, .cnv, .cod, .coff, .col, .colz, .com, .config, .contact, .cp,. cp9, .cpc, .cpd, .cpg, .cpi, .cpio, .cpl, .cpp, .cpr, .cps, .cpt, .cpx, .cr2, .craw, .crd, .crdownload, .crt, .crw, .crwl, .crypt, .cs, .csh, .csi, .csl, .cso, .css, .csv, .csy, .ct, .ctt, .cty, .cue, .cv5, .cvg .cvi, .cvs, .cvx, .cwf, .cwt, .cxf, .cyi, .czip, .daa, .dac, .daconnections, .dacpac, .dad, .dadiagrams, .daf, .dal,. dao, .dap, .daschema, .dash, .dat, .db, .db_journal, .db2, .db3, .dbb, .dbc, .dbf, .dbk, .dbr, .dbs, .dbt, .dbv, .dbx, .dc2, .dca, .dcb, .dcp, .dcr, .dcs, .dct, .dcu, .dcx, .dd, .ddc, .ddcx, .ddd, .ddl, .ddoc,.ddrw, .dds, .deb, .ded, .dem, .der, .des, .design, .deskthemepack, .dev, .dex, .df1, .dgc, .dgn, .dgs, .dgt, .dhs .dib, .dic, .dicom, .dif, .dii, .dir, .disk, .dist, .dit, .divx, .diz, .djv, .djvu, .dlc, .dll, .dm3,. dmg, .dmi, .dmo, .dmp, .dnc, .dne, .dng, .dob, .doc, .docm, .docx, .docxml, .docz, .dot, .dotm, .dotx, .download, .dox, .dp1, .dpk, .dpl, .dpp, .dpr, .dpx, .dqy, .drf, .drv, .drw, .drz, .dsk, .dsn, .dsp, .dsv, .dt .dt2, .dta, .dtd, .dtsx, .dtw, .dump, .dvd, .dvf, .dvi, .dvl, .dvr, .dvx, .dwfx, .dwg, .dx, .dxb, .dxe, .dxf, .dxg, .dxl, .dz, .ebd, .eco, .ecs, .ecw, .ecx, .edb, .edi, .efd, .efw, .egc, .eio, .eip, .eit, .elf, .email, .emd, .emf, .eml, .emlx, .emz, .eng, .eot, .ep, .epf, .epi, .epp, .eps, .epsf, .epub .eql, .erbsql, .erf, .err, .etf, .etx, .euc, .evo, .evtx, .ex, .exe, .exf, .exif, .exr, .f, .f90,. fadein, .fal, .faq,.fax, .fb2, .fb3, .fbl, .fbx, .fcd, .fcf, .fdb, .fdf, .fdp, .fdr, .fds, .fdt, .fdx, .fdxt, .fes, .ff, .ffd, .fff, .fft, .fh, .fh10, .fh11, .fh3, .fh4, .fh5, .fh6, .fh7, .fh8, .fhd, .fic, .fid, .fif, .fig .fil .fla .flac .flc .flf .fli .flp .flr .flv .flvv .fm .fm5 .fmp .fmp12 .fmpsl .fmv fodt, .fol, .for, .fountain, .fp3, .fp4, .fp5, .fp7, .fp8, .fpos, .fpp, .fpt, .fpx, .frt, .ft10, .ft11, .ft7, .ft8, .ft9, .ftn, .fwdn, .fxc, .fxg, .fzb, .fzv, .g3, .g64, .gadget, .gam, .gb, .gba, .gbk, .gca, .gcdp .gdb .gdoc .gdraw .gem .geo .gfb .gfie .ggr .gho .gif .gih .gim .gio .glox .gmbck .gmspr. gmz, .gp4, .gp5, .gpd, .gpg, .gpn, .gpx, .gray, .grey, .grf, .gro, .grob, .groups, .grs, .grw, .gry, .gsd, .gsheet, .gslides, .gthr, .gtp, .gv, .gwi, .gz, .gz2, .gza, .gzi, .gzig, .gzip, .h, .h264, .h3m, .h4r, .ha .hbc, .hbc2, .hbe,.hbk, .hdb, .hdd, .hdp, .hdr, .hht, .hi, .his, .hki, .hki1, .hki2, .hpg, .hpgl, .hpi, .hpl, .hpp, .hqx .hs, .htc, .htm, .html, .hwp, .hz, .i3d, .ib, .iba, .ibank, .ibd, .ibooks, .ibz, .icn, .icns, .ico,. icon, .icpr, .ics, .idc, .idea, .idx, .iff, .ifo, .igt, .igx, .ihtml, .ihx, .iif, .iil, .iiq, .imd, .img, .inc, .incpas, .ind, .indd, .inf, .info, .ini, .ink, .int, .inv, .ipa, .ipd, .ipf, .ipsw, .ipx, .iso, .isu .isz, .itc2, .itdb, .itl, .itw, .iwd, .iwi, .j, .j2c, .j2k, .jad, .jar, .jarvis, .jas, .jav, .java,. jb2, .jbig, .jbig2, .jbmp, .jbr, .jc, .jfif, .jgz, .jia, .jif, .jiff, .jis, .jng, .jnt, .joe, .jp1, .jp2, .jpc, .jpe, .jpeg, .jpf, .jpg, .jpg2, .jps, .jpw, .jpx, .jrtf, .js, .json, .jsp, .jtf, .jtx, .jwl, .jxr .kc2, .kdb, .kdbx, .kdc, .kdi, .kdk, .kes, .kext, .key, .keynote, .kic, .klg, .kml, .kmz, .knt, .kon, kpdx, .kpg, .ksd, .kwd,.kwm, .laccdb, .latex, .lav, .lbi, .lbm, .lbt, .lcd, .lcf, .ldb, .ldf, .ldif, .lgc, .lgp, .lha, .lib, .lis, .lit, .ljp, .lmk, .lng, .lnk, .lnt, .log, .logic, .lp2, .lrc, .lrtemplate, .lst, .ltm, .ltr, .ltx, .lua, .lue .luf, .lvl, .lwo, .lwp, .lws, .lxfml, .lyt, .lyx, .lzo, .lzx, .m, .m2t, .m2ts, .m2v, .m3d, .m3u,. m3u8, .m4a, .m4b, .m4p .m4v, .ma, .mac, .maf, .mag, .mam, .man, .map, .mapimail, .maq, .mar, .mat, .maw,. max, .mb, .mbm, .mbox, .mbx, .mbz, .mcd, .md, .md3, .md5, .md5txt, .mdb, .mdbackup, .mdbhtml, .mdc, .mde, .mdf, .mdi, .mdl, .mdn, .mds, .mdt, .mdx, .me, .mef, .mell, .mft, .mfw, .mgcb, .mgmf, .mgmt, .mgmx, .mgtx, .mht .mhtml, .mic, .mid, .midi, .min, .mip, .mkv, .ml, .mlb, .mlx, .mmat, .mmf, .mmw, .mng, .mnr, .mnt,. mny, .mobi, .mod, .moneywell, .mos, .mov, .moz, .mp3, .mp4, .mpd, .mpe, .mpeg, .mpf, .mpg, .mpo, .mpp, .mpt, .mrg,.mrw, .mrxs, .msg, .msi, .msmessagestore, .mso, .msp, .msu, .mswmm, .mt9, .mts, .mud, .mui, .mwb, .mwp, .mxf, .mxl, .mxp, .myd, .myl, .n64, .nav, .nba, .nbf, .nbh, .nbu, .ncd, .nco, .ncr, .nct, .nd, .ndd, .ndf, .nds .nef, .nes, .nfo, .njx, .nk2, .nlm, .nop, .notes, .now, .npf, .npr, .nrg, .nri, .nrw, .ns2, .ns3, .ns4, .nsd, .nsf, .nsg, .nsh, .nv2, .nvram, .nwb, .nwctxt, .nx1, .nx2, .nxl, .nyf, .nzb, .o, .oab, .obj, .oc3, .oc4, .oc5, .oce, .oci, .ocr, .ocx, .odb, .odc, .odf, .odg, .odi, .odm, .odo, .odp, .ods, .odt , .ofl, .oft, .ofx, .oga, .ogg, .ogv, .oil, .old, .omf, .one, .onepkg, .openbsd, .opf, .oplc, .opml, .oqy,. ora, .orf, .ort, .orx, .ost, .ota, .otf, .otg, .oth, .oti, .otp, .ots, .ott, .out, .ova, .ovf, .ovp, .ovr, .owc, .owg, .owl, .oxps, .oxt, .oyx, .ozb, .ozj, .ozt, .p12, .p7b, .p7c, .p7s, .p96, .p97, .pab .pages, .pak, .pal, .pan,.pano, .pap, .part, .partial, .pas, .pat, .pbf, .pbm, .pbo, .pbp, .pbs, .pc1, .pc2, .pc3, .pcd, .pcl, .pcm, .pcs, .pct, .pcv, .pcx, .pdb, .pdd, .pdf, .pdm, .pdn, .pe4, .pef, .pem, .pfd, .pff, .pfi, .pfs, .pfv .pfx, .pgf, .pgm, .pgp, .phm, .php, .phtml, .pi1, .pi2, .pi3, .pic, .pict, .pif, .pip, .pix, .pjpeg, .pjpg, .pjt, .pkb, .pkg, .pkh, .pkpass, .pl, .plantuml, .plc, .pli, .plist, .pls, .plt, .plugin, .plus_muhd, .pm, .pmd, .pmg, .png, .pni, .pnm, .pntg, .pnz, .pobj, .pop, .pos, .pot, .potm, .potx, .pp4, .pp5, .ppam, .ppd, .ppf .ppm, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prc, .prf, .prg, .prj, .prn, .pro, .prproj, .prt, .prw,. ps, .psa, .psafe3, .psb, .psd, .psdx, .pse, .psid, .psp, .pspbrush, .pspimage, .pst, .psw, .ptg, .pth, .pts, .ptx, .pu, .pub, .puz, .pvj, .pvm, .pvr, .pwa, .pwf, .pwi, .pwm, .pwr, .px, .pxp, .pxr, .py, .pz3, .pza .pzl,.pzp, .pzs, .qba, .qbb, .qbm, .qbr, .qbw, .qbx, .qby, .qcow, .qcow2, .qdf, .qdl, .qed, .qel, .qif, .qmg .qpx, .qry, .qtq, .qtr, .qvd, .r00, .r01, .r02, .r03, .r04, .r05, .r06, .r07, .r08, .r09, .r10,. r3d, .ra, .raf, .rar, .ras, .rat, .raw, .rb, .rc, .rctd, .rcu, .rdb, .rdl, .readme, .rec, .ref, .reg, .rem, .rep, .res, .rev, .rft, .rgb, .rgf, .rgn, .rib, .ric, .riff, .ris, .rix, .rle, .rli, .rm, .rmvb .rng, .rom, .rpd, .rpf, .rpm, .rpt, .rri, .rrt, .rs, .rsb, .rsc, .rsd, .rsr, .rsrc, .rss, .rst,. rsw, .rt, .rtd, .rte, .rtf, .rts, .rtx, .rum, .run, .rv, .rvt, .rw2, .rwl, .rwz, .rzk, .rzn, .s2mv, .s3db, .s3m, .sad, .saf, .safariextz, .safe, .safetext, .sai, .sam, .sas7bdat, .sav, .save, .say, .sbf, .sbu, .scad, .scc .sci, .scm, .scn, .scpt, .scr, .scriv, .scrivx, .sct, .scv, .scw, .scx, .sd0, .sd7, .sda, .sdb, .sdc, sdd, .sdf, .sdm, .sdn, .sdoc,.sds, .sdt, .sdw, .sdxf, .sen, .sep, .sfc, .sfcache, .sfera, .sfs, .sfw, .sfx, .sgm, .sgml, .sh, .sha, .shar .shr, .shs, .shtml, .shw, .sig, .sis, .sisx, .sit, .sitd, .sitx, .sk1, .sk2, .skcard, .skm, .skn, .skp,. sla, .slagz, .sld, .sldasm, .slddrt, .slddrw, .sldm, .sldprt, .sldx, .sls, .slt, .smc, .smd, .smf, .smil, .sms, .snagitstamps, .snagstyles, .snd, .sng, .snp, .so, .sob, .spa, .sparsebundle, .spb, .spe, .sph, .spj, .spp, .spq, .spr, .sqb, .sql .sqlite, .sqlite3, .sqlitedb, .sqx, .sr2, .src, .srf, .srm, .srt, .srw, .ssa, .ssfn, .ssh, .ssk, .st, .st4,. st5, .st6, .st7, .st8, .stc, .std, .stdf, .ste, .sti, .stl, .stm, .stn, .stp, .str, .strings, .stt, .stw, .stx, .sty, .sub, .sud, .sumo, .sup, .sva, .svf, .svg, .svgz, .svi, .svp, .svr, .swd, .swf, .swp, .sxc .sxd, .sxg, .sxi, .sxm, .sxw, .sys, .t2b, .tab, .tao, .tar, .tar.gz, .tax2013,.tax2014, .tb0, .tbl, .tbn, .tbz2, .tc, .tch, .tcx, .tdf, .tdt, .te, .teacher, .temp, .template, .tex, .texinfo, .text, .tfc, .tg, .tg4, .tga, .tgz, .theme, .themepack, .thm, .thmx, .thp, .thumb, .tib, .tif, .tiff, .tjp, .tlb, .tlc .tlg, .tlz, .tm, .tm2, .tmd, .tmp, .tmv, .tmx, .tn, .tne, .toast, .tod, .torrent, .tp, .tpc, .tpi tpl, .tpu, .tpx, .trelby, .trm, .troff, .trp, .ts, .tsv, .ttc, .ttf, .tu, .tur, .tvj, .txd, .txf, .txt, .u3d, .u3i, .uax, .udb, .udf, .ufo, .ufr, .uga, .uif, .umx, .unauth, .unity, .unr, .unx, .uof, .uop, .uot .upd, .upg, .upoi, .url, .usa, .usr, .usx, .ut, .ut2, .ut3, .utc, .utf8, .uts, .utx, .utxt, .uvx, uxx, .v12, .v64, .val, .vault, .vb, .vbox, .vbproj, .vbr, .vbs, .vc, .vcd, .vcf, .vcproj, .vct, .vda, .vdb, .vdi, .vdo, .vec, .veg, .ver, .vff, .vhd, .vhdx, .vmdk, .vmem, .vmf, .vml, .vmsd, .vmt, .vmwarevm, .vmx,vmxf, .vnt, .vob, .vpd, .vpe, .vrml, .vrp, .vsd, .vsdm, .vsdx, .vsi, .vsm, .vst, .vstm, .vstx, .vsx, .vtf, .vtx, .vue, .vw, .vxd, .w3g, .w3x, .wab, .wad, .wallet, .war, .wav, .wave, .waw, .wb1, .wb2, .wba, .wbc .wbcat, .wbd, .wbk, .wbm, .wbmp, .wbz, .wcf, .wdb, .wdgt, .wdp, .webarchive, .webdoc, .webm, .webp, .wgz, .wif,. wire, .wks, .wll, .wlmp, .wm, .wma, .wmd, .wmdb, .wmf, .wmmp, .wmv, .wmx, .wn, .woff, .wotreplay, .wow, .wowpreplay, .wp, .wp4, .wp5, .wp6, .wp7, .wpa, .wpb, .wpd, .wpe, .wpg, .wpk, .wpl, .wps, .wpt, .wpw, .wri, .wsc .wsd, .wsh, .wtd, .wtf, .wtx, .wvl, .wvx, .x, .x_t, .x11, .x3d, .x3f, .xap, .xar, .xbdoc, .xbplate,. xdb, .xdl, .xhtml, .xis, .xl, .xla, .xlam, .xlb, .xlc, .xld, .xlf, .xlgc, .xlk, .xll, .xlm, .xlr, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlv, .xlw, .xlwx, .xmi, .xmind, .xml, .xmmap, .xpi, .xpm, .xpp, .xps, .xpt, .xsd, .xsl, .xslt, .xsn, .xvid, .xwd, .xwp, .xy3, .xyp, .xyw, .xz, .y .yab, .yal, .ybk, .ycbcra, .yml, .yps, .ysp, .yuv, .z01, .z02, .z03, .z04, .z05, .z3d, .zabw, .zap, .zdb, .zdc, .zif, .zip, .zipx .zoo, .zw Then it requires a ransom of $ 15 to return the files. It drops a ransom note called HOW TO DECRYPT FILES.txt. It saids the following: Attention! All your files are encrypted! To learn how to recover your files and access them, write to avastvirusinfo@yandex.com - We answer no more than 2 times! The price is at least $ 15. We don’t decrypt any file for free! (Flooded zadolbali!). Beware of scammers: "thyrex" and the like, they will not personally help you but they will persuade you not to pay (Without evidence!)! What happened to your files? All of your files were protected by a strong encryption. There is no way to decrypt your files without the key. If your files not important for you just reinstall your system. If your files is important just email us to discuss the price and how to decrypt your files. You can email us to avastvirusinfo@yandex.com Category:Ransomware Category:Win32 ransomware Category:Win32 Category:Microsoft Windows Category:Win32 trojan Category:Trojan